Krebs on Security

In-depth security news and investigation

Happy Seventh Birthday, KrebsOnSecurity!

Hard to believe it’s time to celebrate another go ’round the Sun for KrebsOnSecurity! Today marks exactly seven years since I left The Washington Post and started this here solo thing. And what a remarkable year 2016 has been!

The biggest attack of all — the 620 Gbps distributed denial-of-service (DDoS) assault against this site on Sept. 22 — resulted in KrebsOnSecurity being unplugged for several days. The silver lining? I now have a stronger site and readership. Through it all, the community that has grown up around this site was extremely supportive and encouraging. I couldn’t be prouder of this community, so a huge THANK YOU to all of my readers, both new and old.

It’s fair to say that many of the subjects in the word cloud above are going to continue to haunt us in 2017, particularly ransomware, CEO fraud and DDoS attacks. I am hopeful to have more on the “who” behind the September attacks against this site in the New Year. I promise it’s going to be a story worth waiting for. Stay tuned.

Also, many of you have asked whether we can have a more responsive theme on this blog. It is true that the site hasn’t been updated appearance-wise since it launched seven years ago, and that it’s long overdue for a facelift. We were on track to have that done by today’s blog post, but for a variety of reasons this will have to wait until the early New Year. Thank you for your patience.

My aim from the beginning with this site has been to focus on producing original, impactful reporting on computer security and cybercrime, and to keep the content free for anyone and everyone. That remains my intention. For those of you who have Adblock installed, please consider adding an exception for my site: For security reasons (see malvertising for more info), this site has not allowed third-party content since late 2011, and all of the handful of ads that run here are hosted locally and have been fully vetted.

As always, below are links to some of the most-read stories on the site this year. Thanks again for your readership, encouragement and support!

This entry was posted on Thursday, December 29th, 2016 at 10:15 am and is filed under Other.

131 comments

I’ll be finishing Spam Nation soon but have already done a class presentation on the information therein and am doing my best to help spread the word about what **really** happens when one opens enticing spam and clicks on those links…

I’ve been following you since your days at WaPo. I am no computer expert and find your advice very helpful (I would say “rely on” but don’t want to make you nervous) to keep my home computers, phones, etc. safe. Thank you. And, to the extent my non-digital mind understands them (and you do a great job of making complex items accessible), I am enlightened about the digital dangers we face. Thank you.

Happy Birthday, Krebs on Security! I probably have just a basic understanding of everything that is discussed here, but all the articles and comments continue to fascinate and inform me. I also have enormous respect for all that YOU do, Mr. Krebs!

There are many people overseas, and in America, that just don’t care. I found a network of fake staffing companies being run off of DreamHost (based in Brea, California) last year. The scammer bought 20+ domains. He would target specific job seekers, sending them emails from these bought domains with matching web sites. The goal was to walk the victim through fake phone interviews and then request SSN and DOB to submit the victim to a ‘client corporation.’
I warned the DreamHost abuse staff several times showing them the threads of the scam, the posting by various victims and the DreamHost staff responded with a fu&# off. They added that they would only respond to law enforcement orders. The domains continued to exist until they expired.
As long as the employees of the hosting companies get their paychecks, they don’t care. As long as the hosting companies executives continue to see money from the scammer/client they don’t care.
I created a Blogger site to document all that I found about this scammer at https://fakestaffing.blogspot.com

The scammer is still running with a new batch of domains hosted on American services. They are DreamHost, 1and1.com, and bluehost.com.

There is one hosting company that I warned that did shut down three domains. I sent them the same information as the ones listed above. The evidence was good enough for them to reach the conclusion that the scammer was a criminal but the ones listed above just don’t care.

THIS IS STILL THE WILD WEST
A rough comparison to the United States in the late 1860s or through the 1870s, vis-a-vis laws and law enforcement. It’s both healthy and dangerous, invigorating and rife with exploitation. Surely the FBI with its current staffing, budget, and other responsibilities, can only do so much. We need smart online consumers, too! Don’t be a chump, and when swindled nonetheless by a flim-flam predator, inform the local constabulary, law enforcement, in other words, correct?
Most people have a strong sense of justice, and the crooks prey on that trusting attitude. Example: will your aunt in the Midwest (or the Bronx) be able to disambiguate spam from legit communication online, across the board, covering the entire waterfront?
No. Moreover, your aunt or uncle or even YOU may be the gate-keeper online, in private or public capacities. Brian is just one guy, he can’t do all the intellectual work alone. We have to educate ourselves, refuse to panic/be stunned by sensationalistic threats from nitwits, and forge on. Happy New Year!
Thus the undefined term “unconscionable” in the law, for something definitely outrageous, but which is so slippery it hasn’t yet been definitively codified as illegal.

Congratulations on an insightful and impactful 7 year run. As I recall from my old biology courses, every 7 years the body has replaced every cell and is, therefore, renewed, reborn, and rejuvenated. I enjoy the content and straightforward style of your current site, but if change means that the site is more mobile friendly then I’m all for it. Keep fighting the good fight, Mr. Krebs. You honor humanity through your service. Kind regards, and Happy New Year.

Brian, you’re a mensch, a human being with the fidelity, bravery and integrity mentioned in the FBI motto, in my opinion. It’s always inspiring to see good values counter greed, stupidity, and outright evil intentions, not to put too Manichean a spin on it — just that it’s inspiring to see people with integrity doing the right thing, thanks!

Thank you for your blog/reporting on the criminal activities of the THIEVES that steal from the unsuspecting… it angers me that the US Government does nothing to punish ISPs, hosters, anonymous email relays, anonymous phone systems, etc. etc. I know, I know, the ISPs will simply say that they cannot keep up or don’t have the manpower or the cyber security systems in place to sniff criminal sources, but imagine how quickly solutions can be found or architectured if penalties, fines, prison time were doled out to these hosters, SIPs, etc. etc. simply for allowing criminal traffic to pass… to me it’s really that simple… ISPs sure have enough technology to throttle or shape/prioritize traffic… they know what traffic comes from Netflix, Apple TV and so on… and hosters that sell websites to the bad guys… f*** you too… bad criminal interesting traffic should be vetted by the source (source interface to that local ISP) or BLOCKED… Nigerian scams or “IRS is out to sue you” scams should be tracked from the very phone # they leave on your answering machine and fine or block the phone anonymizer… start there… start somewhere!!!!!

I had the great pleasure to meet you in person about a year after you first kicked this thing off.
What impressed me most is that you are even smarter in person than you are on the blog – as difficult to believe as that may be for many folks.
Much has changed in that time and sadly, much has not.
What has not changed in that time is your passion, dedication and desire to make a positive difference in the digital lives of us all, and for that I thank you from the bottom of my heart.
Stay gold, Ponyboy.

I’m thankful for the time and effort you put into your site. I have been reading daily all of your emails. I don’t know a lot about the very techy things, but I am very aware that the Internet can be dangerous and wonderful at the same time. Wonderful because it affords right-up-to-the-moment information. Dangerous because from the time of creation on Earth, humans (and not so humankind) can sometimes commit horrible acts towards each other. The Internet isn’t left out of this kind of chicanery. Who said words don’t hurt? Sure glad that Mr. Krebs is NOT one of the “Bad Guys.” Mr. Krebs, please be proud of your wonderful works. It’s hard to be an Eagle when Vultures are flying over, around, and waiting on the ground to pounce on you when they think you are at your weakest. You are a good Man among many doing good deeds. It’s just that the other side, who are wily, get attention by being artsy dodgers of truth, by being deceitful, beguiling and raucous. I really appreciate your good work.

I’ve been a casual reader of your site for the past few years. As a student and a veteran trying to change careers, your material has been invaluable in 1) just helping me understand the many nuances of this industry and 2) using your and your associates’ material as references in I don’t know how many papers, case studies, etc. I only have four credits left, and you made it that much easier to get to this point.